Essential Questions M&D Companies Should Ask About Cybersecurity

Christopher Wilkinson | 11/17/2015

High-profile cyberattacks on government agencies and the financial services, retail, and entertainment industries garner more media attention, but companies in the manufacturing and distribution (M&D) sector are just as vulnerable to the loss, theft, or destruction of sensitive data. So it is incumbent on M&D businesses to put in place the same cybersecurity essentials that other vulnerable businesses implement, including:

  • A formal and thorough cybersecurity program
  • Clearly defined responsibility for cybersecurity issues, including a designated cybersecurity officer
  • Well-defined, up-to-date procedures for identifying vulnerabilities in the organization
  • The ability to detect malicious activity, including advanced attacks
  • Detailed cyberincident response plans

Beyond these core elements, the challenges M&D companies face are specific to their industry. The following two topics, logging and monitoring risk and addressing legacy system issues, are intended to help technology and information security officers identify common vulnerabilities.

These are questions they should be asking themselves about their company’s current cybersecurity requirements, capabilities, and gaps.

  • What steps do we take to log and monitor cybersecurity risk?
  • Have we tuned and customized our security information and event management (SIEM) system to look for attacks?
  • Are we testing the SIEM for effectiveness?
  • Have we integrated all layers of technology into the SIEM?

SIEM systems are used widely to aggregate and correlate the numerous event logs that are integral to various technology systems, including networks, databases, servers, and individual applications. To be effective, a company’s SIEM system must be customized and tuned for the company’s unique system environment, with all layers of technology integrated into it.

Beyond merely aggregating the information, however, the SIEM must also be configured to identify particularly sensitive data, as well as to apply intelligent analysis that recognizes specific event patterns that could indicate both basic and advanced types of attacks.

How do we manage security for legacy systems that are no longer supported?

  • What legacy systems do we rely on that can no longer be patched or updated?
  • What compensating controls are in place for these systems?
  • How are these systems incorporated into our organizational risk management approach?
  • What steps are we taking to replace these systems?

Modern M&D organizations typically rely on a variety of highly specialized or customized production software applications that, over time, become outdated or are no longer supported by their original providers. Although running software past its support date is never recommended, a variety of business reasons might make it necessary to do so. Often, viable replacement applications are either unavailable or prohibitively expensive – yet retaining outdated software is a risky tactic that introduces the possibility of new vulnerabilities that cannot be patched or updated.

M&D management needs to identify such vulnerable legacy systems and implement compensating controls that can help bring the risk of these systems to an acceptable level.

Cybersecurity issues in the M&D industry are further explored in this IndustryWeek article, "Cybersecurity on the Factory Floor."